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Method of Restricting Software Operation within A License Limitation 



FIELD OF THE INVENTION 

This invention relates to a method and system of identifying and 
restricting an unauthorized software program's operation. 

BACKGROUND OF THE INVENTION 

5 5^7^ y^umerous methods have been devised for the identifying and 
restricting of unauthorized software program/^ operation. These methods have 
been primarily motivated by the grand proliferation of illegally copied 
software, which is engulfing the marketplace. This illegal copying represents 
billions of dollars in lost profits to commercial software developers. 

10 J \ - . : "Software based products have been developed to validate authorized 
software usage by writing a license signature onto the computer's volatile 
memory (e.g. hard disk). These products may be appropriate for restricting 
honest software users, but they are very vulnerable to attack at the hands of 
skilled system's programmers (e.g. "hackers"). These license signatures are 

15 also subject to the physical instabilities of their volatile memory media. 
i^Cy jj^ T^Hardware base products have also^eSn developed to validate 
authorized software usage by accessing a dongle that is coupled e.g. to the 
parallel port of the Pp*-*'Tliese units are expensive, inconvenient, and not 
particularly suitable for software that may be sold by downloading (e.g. over 

20 the inter 
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There is accordingly a need in the art to provide for a system and 
method that substantially reduce or overcome the drawbacks of hitherto 
known solutions. 

5 SUMMARY OF THE INVENTION 

The present invention relates to a method of restricting software 
operation within a license limitation. This method strongly relies on the use of 
a key and of a record, which have been written into the non-volatile memory 
of a computer. 

10 For a better understanding of the underlying concept of the invention, 

there follows a specific non-limiting example. Thus, consider a conventional 
computer having a conventional BIOS module in which a key was embedded 
at the ROM section thereof, during manufacture. The key constitutes, 
effectively, a unique identification code for the host computer. It is important 

15 to note that the key is stored in a non- volatile portion of the BIOS, i.e. it 
cannot be removed or modified. 

Further, according to the invention, each application program that is to 
be licensed to run on the specified computer, is associated with a license 
record; that consists of author name, program name and number of licensed 

20 users (for network). The license record may be held in either encrypted or 
explicit form. 

Now, there commences an initial license establishment procedure, 
where a verification structure is set in the BIOS so as to indicate that the 
specified program is licensed to run on the specified computer. This is 
25 implemented by encrypting the license record (or portion thereof) using said 
key (or portion thereof) exclusively or in conjunction with other identification 
information) as an encryption key. The resulting encrypted license record is 
stored in another (second) non-volatile section of the BIOS, e.g. E 2 PROM (or 




the ROM). It should be noted that unlike the first non-volatile section, the data 
in the second non-volatile memory may optionally be erased or modified 
(using E PROM manipulation commands), so as to enable to add, modify or 
remove licenses. The actual format of the license may include a string of 
5 terms that correspond to a license registration entry (e.g. lookup table entry or 
entries) at a license registration bureau (which will be further described as part 
of the preferred embodiment of the present invention). 

Having placed the encrypted license record in the second non- volatile 
memory (e.g. the E 2 PROM), the process of verifying a license may be 

10 commenced. Thus, when a program is loaded into the memory of the 
computer, a so called license verifier application, that is a priori running in the 
computer, accesses the program under question, retrieves therefrom the 
license record, encrypts the record utilizing the specified unique key (as 
retrieved from the ROM section of the BIOS) and compares the so encrypted 

15 record to the encrypted records that reside in the~E 2 PROM. In the case of 
match, the program is verified to run on the computer. If on the other hand the 
sought encrypted data record is not found in the E PROM database, this 
means that the program under question is not properly licensed and 
appropriate application define action is invoked (e.g. informing to the user on 

20 the unlicensed status, halting the operation of the program under question etc.) 

Those versed in the art will readily appreciate that any attempt to run a 
program at an unlicensed site will be immediately detected. Consider, for 
example, that a given application, say Lotus 123, is verified to run on a given 
computer having a first identification code (kl) stored in the ROM portion of 

25 the BIOS thereof. This obviously requires that the license record (LR) of the 
application after having been encrypted using kl giving rise to (LR) k i is stored 
in the E 2 PROM of the first computer. 

Suppose now that a hacker attempts to run the specified application in 
a second computer having a second identification code (k2) stored in the 
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ROM portion of the BIOS thereof. All or a portion the database contents 
(including of course (LR) kl ) that reside in the E 2 PROM portion in the first 
computer may be copied in a known per se means to the second computer. It 
is important to note that the hacker is unable to modify the key in the ROM of 
the second computer to Kl, since, as recalled, the contents of the ROM is 
established during manufacture and is practically invariable. 

Now, when the application under question is executed in the second 
computer, the license verifier retrieves said LR from the application and, as 
explained above, encrypts it using the key as retrieved from the ROM of the 
second computer, i.e k2 giving rise to encrypted license record (LR)^ 
Obviously, the value (LR)^ does not reside in the E 2 PROM database section 
of the second computer (since it was not legitimately licensed) and therefore 
the specified application is invalidated. It goes without saying that the data 
copied from the first (legitimate) computer is rendered useless, since 
comparing (LR)^ with the copied value (LR)jh results, of course, in 
mismatch. 

The example above is given for clarity of explanation only and is by no 
means binding. 

In its broadest aspect, the invention provides for a method of restricting 
software operation within a license limitation including; for a computer 
having a first non-volatile memory area, a second non-volatile memory area, 
and a volatile memory area; the steps of: selecting a program residing in the 
volatile memory, setting up a verification structure in the non-volatile 
memories, verifying the program using the structure, and acting on the 
program according to the verification. 

An important advantage in utilizing non-volatile memory such as that 
residing in the BIOS is that the required level of system programming 
expertise that is necessary to intercept or modify commands, interacting with 
the BIOS, is substantially higher than those needed for tampering with data 




residing in volatile memory such as hard disk. Furthermore, there is a much 
higher cost to the programmer, if his tampering is unsuccessful, i.e. if data 
residing in the BIOS (which is necessary for the computer's operability) is 
inadvertently changed by the hacker. This is too high of a risk for the ordinary 
5 software hacker to pay. Note that various recognized means for hindering the 
professional-like hacker may also be utilized (e.g. anti-debuggers, etc.) in 
conjunction with the present invention. 

In the context of the present invention, a "computer" relates to a digital 
data processor. These processors are found in personal computers, or on one 

10 or more processing cards in multi-processor machines. Today, a processor 
normally includes a first non-volatile memory, a second non-volatile memory, 
and data linkage access to a volatile memory. There are also processors 
having only one non-volatile memory or having more than two non-volatile 
memories; all of which should be considered logically as relating to having a 

15 first and a second non-volatile memory areas. There are also computational 
environments where the volatile memory is distributed into numerous 
physical components, using a bus, LAN, etc.; all of which should logically be 
considered as being a volatile memory area. 

According to the preferred embodiment of the present invention, there 

20 is further provided a license authentication bureau which can participate in 
either or both of: 

(i) establishing the license record in the second non-volatile memory; 

and 

(ii) verifying if the key and license record in the non-volatile 
25 memory(s) is compatible with the license record information as extracted 

from the application under question. 

The bureau is a telecommunications accessible processor where 
functions such as formatting, encrypting, and verifying may be performed. 
Performing these or other functions at the bureau helps to limit the 
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understanding of potential software hackers; since they can not observe how 
these functions are constructed. Additional security may also be achieved by 
forcing users of the bureau to register, collecting costs for connection to the 
bureau, logging transactions at the bureau, etc. 
5 According to one example of using the bureau, setting up a verification 

structure further includes the steps of: establishing, between the computer and 
the bureau, a two-way data-communications linkage; transferring, from the 
computer to the bureau, a request-for-license including an identification of the 
computer and the license-record's contents from the selected program; 

10 forming an encrypted license-record at the bureau by encrypting parts of the 
request-for-license using part of the identification as the encryption key; and 
transferring, from the bureau to the computer, the encrypted license-record. 

According to another example of using the bureau, verifying the 
program further includes the steps of: establishing, between the computer and 

15 the bureau, a two-way data-communications linkage; transferring, from the 
computer to the bureau, a request-for-license-verification including an 
identification of the computer, the encrypted license-record for the selected 
program from the second non-volatile memory, and the 
licensed-software-program's license-record contents; enabling the comparing 

20 at the bureau; and transferring, from the bureau to the computer, the result of 
the comparing. 

The actual key that serves for identifying the computer may be 
composed of the pseudo-unique key exclusively, or, if desired, in combination 
with information, e.g. information related to the registration of the user such 
25 as e.g. place, telephone number, user name, license number, etc. In the context 
of the present invention, a "pseudo-unique" key may relate to a bit string 
which uniquely identifies each first non-volatile memory. Alternately the 
"pseudo-unique" key may relate to a random bit string (or to an assigned bit 
string) of sufficient length such that: there is an acceptably low probability of 
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a successful unauthorized transfer of licensed software between two 
computers, where the first volatile memories of these two computers have the 
same key. 

It should be noted that the license bureau might maintain a registry of 

5 keys and of licensed programs that have been registered at the bureau in 
association with these keys. This registry may be used to help facilitate the 
formalization of procedures for the transfer of ownership of licensed software 
from use on one computer to use on another computer. 

Constructing the key in the manner specified may hinder the hacker in 

10 cracking the proposed encryption scheme of the invention, in particular when 
the establishment of the license record or the verification thereof is performed 
in the bureau. Those versed in the art will readily appreciate that the invention 
is by no means bound by the data, the algorithms, or the manner of operation 
of the bureau. It should be noted that the tasks of establishing and/or verifying 

15 a license record may be shared between the bureau and the computer, done 
exclusively at the computer, or done exclusively at the bureau. The 
pseudo-unique key length needs to be long enough to hinder encryption attack 
schemes. The establishing of the key may be done at any time from the 
non- volatile memory's manufacture until an attempted use of an established 

20 license-record in the non-volatile memory. The key is used for encryption or 
decryption operations associated with license-records. In principle, the 
manufacturer of the licensed-software-program may specify the license-record 
format and therefore different formats may, if desired, be used for respective 
applications. 

25 According to the preferred embodiment of the present invention, the 

pseudo-unique key is a unique-identification bit string that is written onto the 
first non-volatile memory by the manufacturer of the is memory media. 

According to one, non-limiting, preferred embodiment of the present 
invention, the first non-volatile memory area is a ROM section of a BIOS; the 




second non- volatile memory area is a E 2 PROM section of a BIOS; and the 
volatile memory is a RAM e.g. hard disk and/or internal memory of the 
computer . 

The present invention also relates to a non-volatile memory media 
5 used as a BIOS of a computer, for restricting software operation within a 
license limitation, wherein a pseudo-unique key is established. 

According to the preferred embodiment of the non-volatile memory 
media of the present invention, the pseudo-unique key is established in a 
ROM section of the BIOS. 

10 

S3 . . 

P BRIEF DESCRIPTION OF THE DRAWINGS: 

£ In order to understand the invention and to see how it may be carried 

out in practice, a preferred embodiment will now be described, by way of 
- non-limiting example only, with reference to the accompanying drawings, in 

" 15 which: 

O Fig. 1 is a schematic diagram of a computer and a license bureau; and 

>n Fig. 2 is a generalized flow chart of the sequence of operations 

~ performed according to one embodiment of the invention. 

20 DETAILED DESCRIPTION OF A PREFERRED EMBODIMENT 

A schematic diagram of a computer and a license bureau is shown in 
Figure 1. Thus, a computer processor (1) is associated with input operations 
(2) and with output operations (3). This computer (processor) internally 
contains a first non- volatile memory area (4) (e.g. the ROM section of the 
25 BIOS), a second non- volatile memory area (5) (e.g. the E PROM section of 
the BIOS), and a volatile memory area (6) (e.g. the internal RAM memory of 
the computer). 




The computer processor is in temporary telecommunications linkage 
with a license bureau (7). 

The first non- volatile memory includes a pseudo-random identification 
key (8), which exclusively or in combination with other information (e.g. user 
5 name), is sufficient to uniquely differentiate this first non-volatile memory 
from all other first non- volatile memories. As specified before, said key 
constitutes unique identification of the computer. 

ffl / The second non- volatile memory includes aTiperfse-record-area (9) e.g. 
fol the containing of at least one encrypted^itt^se-record (e.g. three records 

10 10-12). The volatile memory accopasfiodates a license program (16) having 
license record fields (13-15)^{5pended thereto. By way of example said fields 
stand for Applicationjarime (e.g. Lotus 123), Vendor name (Lotus inc.), and 
no of licensed cqpfes (1 for stand alone usage, >1 for number of licensed users 
for a netwo^k^pplication). 

15 ^S|\Vl?hose versed in the art will readtty appreciate that the license record is 
not necessarily bound to continuos fields. In fact, the various license content 
components of the data record may be embedded in various locations in the 
application. Any component mayTif desired, be encrypted. 

Each one of the encrypted license records (10-12) is obtained by 

20 encrypting the corresponding license record as extracted from program 16, 
utilizing for encryption the identification key (8). 

In a typical, yet not exclusive, sequence of operation, a 
transaction/request is sent, by the computer to the bureau. This transaction 
includes the key (8), the encrypted license-records (10-12), contents from the 

25 license program used in forming a license record (e.g. fields 13-15), and other 
items of information as desired. 
^ The bureau forms the proposed license-record from the contents, 

encrypts (utilizing predetermined encryption algorithm) the so formed 
license-record using the key (8), yand compares the so formed encrypted 



^» -10- 

license-record with the license-records (10-12). The bureau generates an 
overlay according to the result of the/ comparison indication successful 
comparison, non-critical failure comparison and critical failure comparison. 

The bureau returns the overlay which will direct the computer in 

5 subsequent operation. Thus, a success overlay will allow the license program 
to operate. A non-critical failure overlay will ask for additional user 
interactions. A critical failure overlay will cause permanent disruption to the 
computer's BIOS operations. Thus, software operation of the program is 
methodologically according to a license limitation restriction. 

10 Those versed in the art will readily appreciate that the implementation 

as described with reference to Fig. 1 is by no means binding. Thus, by way of 
non-limiting example, the bureau, instead of being external entity may form 
part of the computer. 

Attention is now directed to Fig. 2, showing a generalized flow chart 

15 of the sequence of operations performed according "to one embodiment of the 
invention. 

Thus, selecting (17) a program includes the step of: establishing a 
licensed-software-program in the volatile memory of the computer wherein 
the licensed-software-program includes contents used to form a 

20 license-record. These contents, be they centralize or decentralized, may 
include terms, identifications, specifications, or limitations related to the 
manufacturer of a software product, the distributor of a software product, the 
purchaser of a software product, a licensor, a licensee, items of computer 
hardware or components thereof, or to other terms and conditions related to 

25 the aforesaid. 

Setting up (18) the verification structure includes the steps of: 
establishing or certifying the existence of a pseudo-unique key in the first 
non-volatile memory area; and establishing at least one license-record 
location in the first or the second nonvolatile memory area. 
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Establishing a license-record includes the steps of: forming a 
license-record by encrypting of the contents used to form a license-record 
with other predetermined data contents, using the key; and establishing the 
encrypted license-record in one of the at least one established license-record 
5 locations (e.g. 10-12 in Figure 1). 

Verifying (19) the program includes the steps of: encrypting the 
licensed-software-program's license-record contents from the volatile 
memory area or decrypting the license-record in the first or the second 
non-volatile memory area, using the key; and comparing the encrypted 

io licensed-software-program's license-record contents with the encrypted 
license-record in the first or the second non-volatile memory area, or 
comparing the licensed-software-program's license-record contents with the 
decrypted license-record in the first or the second non- volatile memory area. 
Acting (20) on the program includes the step of: restricting the 

15 program's operation with predetermined limitations if the comparing yields 
non-unity or insufficiency. In this context "non-unity" relates to being unequal 
with respect to a specific equation (e.g. A=B+1); and "insufficiency" relates 
to being outside of a relational bound (e.g. A>B+1). "Restricting the 
program's operation with predetermined limitations" may include actions 

20 such as erasing the software in volatile memory, warning the license 
applicant/user, placing a fine on the applicant/user through the billing service 
charges collected at the license bureau (if applicable), or scrambling sections 
of the BIOS of the computer (or of functions interacting therewith). 

The present invention has been described with a certain degree of 

25 particularity but it should be understood that various modifications and 
alterations may be made without departing from the scope or spirit of the 
invention as defined by the following claims^ 



